About 780 webcam was identified by the research of SecNews and iGuru, in the Greek cyberspace, where everyone can watch the daily lives of thousands of Greek citizens!
Many have wondered how secure our cameras are at work or in our personal space, or how easy it would be for someone to gain access without their owners knowing it.
Without wishing to scare our readers, the short answer to the question is:
It is extremely easy for anyone to access and control or watch your cameras!
From time to time they have seen the publicity cases where unauthorized access to webcam exposed personal moments of innocent citizens while impressing caused the way of protecting the founder of Facebook Mark Zuckerberg in the camera and the computer's microphone!
THE RESEARCH
The question raised in the middle of summer in SecNews's technology and journalistic team was "How exposed are we in Greece to our security webcam?"
SecNews in working with iGuru, in the context of informing society, carried out deep journalistic research durations 2 months where he recorded the entire Greek cyberspace in an effort to identify weaknesses. In the first part of our investigation (and which we are releasing today) we focused on publicly exposed cameras.
The way the relevant information was collected and evaluated was:
- initial scans of the Greek cyberspace (in all published IP addresses)
- importing the data set into a database (MongoDB)
- Optimized scanning exclusively of the active addresses of exposed webcam services [specific ports, specific URLs - specific users with full privileges]
- Automated code generation python για χρήση default Κωδικών access and test access to the found IP addresses
- Create / configure relevant webapp to search for active + port ports depending on the exposed user's IP address.
It is worth mentioning that the process followed (beyond the programming side of the configuration) was particularly easy and can be done by ANY user of the internet with basic network knowledge and minimal programming.
This in itself makes the findings even more important and dangerous for the community as they do not need any specialized knowledge or hacking skills to get access to the webcam we mention and therefore everyone with minimal knowledge can watch exposed cameras !!
It is our delight that SecNews is working with its team friendly iGuru technology website, conducted for the first time a pan-Hellenic Independent Insecurity Detection Research (the first and only one that has been done in Greece on a massive scale, accurately and at such a level).
the findings
All of the findings raised particular concern among SecNews researchers who organized the research. The most alarming feature is the fact that the overwhelming majority (96%) of camera owners are unaware that they are exposed or can watch anywhere their stores or companies. Specifically:
- All of the findings are about incorrectly configured webcam webcams.
- A large part of the research has identified incorrectly parameterized AVTECH cameras. It is not due to a failure of the camera itself, but to installers who did not change the default Access Passwords.
- The installers or companies that have installed the closed circuits and bear FULL RESPONSIBILITY, have left internet access enabled AND by default code access (administrator) admin/admin. Responsibilities should certainly be sought from the owners of the devices in question.
- Therefore, anyone who knows the IP address and the admin / admin port has full access to closed circuit TVs with the ability to change settings, even changing the camera's PTZ look-alike!
- Additionally, as we have seen, in many cases the cameras are placed over stores, hotels or employees in such a place that enables the PIN code entry PIN to enter even the business e-mail passwords or
The Greek Webcam Exposed
It would be frivolous to publish the complete webcam list with the IP addresses we have at our disposal. If we opted for the IP addresses to be published, there was a fear of being used by malicious users, without the owner of the cameras, for a variety of purposes, but also for monitoring citizens. After meetings with the SecNews technology team, we chose to publish through custom made application.
Practically this means that whoever wants it can enter the IP address (shown at the top of the web application) or another IP address and find out if it is exposed to make a prompt fix or to notify competently.
Certainly it would be best to immediately contact AVTECH cameras with their installers and find their IP address in our application to conduct proper customization.
Our application can be found here [here].
We would advise you to share the share https://iguru.gr/check-camera/ and your friends and acquaintances directly to check their exposure to the risk.
Respective mass searches / investigations by SecNews, not only for webcam but also for other weaknesses involving servers and networking devices and may lead to interceptions or leaks, will continue to inform and protect the community and Greek citizens.
We thank the iGuru.gr team for the technical participation and support during theexport of investigations.
https://iguru.gr/107235/webcam/